<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
* <p>
    Specifies the URL to send users to if login is required. If used with
    {@link WebSecurityConfigurerAdapter} a default login page will be generated when
    this attribute is not specified.
</p>

<p>
    If a URL is specified or this is not being used in conjuction with
    {@link WebSecurityConfigurerAdapter}, users are required to process the specified
    URL to generate a login page. In general, the login page should create a form that
    submits a request with the following requirements to work with
    {@link UsernamePasswordAuthenticationFilter}:
</p>

<ul>
    <li>It must be an HTTP POST</li>
    <li>It must be submitted to {@link #loginProcessingUrl(String)}</li>
    <li>It should include the username as an HTTP parameter by the name of
        {@link #usernameParameter(String)}</li>
    <li>It should include the password as an HTTP parameter by the name of
        {@link #passwordParameter(String)}</li>
</ul>

<h2>Example login.jsp</h2>

Login pages can be rendered with any technology you choose so long as the rules
above are followed. Below is an example login.jsp that can be used as a quick start
when using JSP's or as a baseline to translate into another view technology.

<pre>
 <!-- loginProcessingUrl should correspond to FormLoginConfigurer#loginProcessingUrl. Don't forget to perform a POST -->
 &lt;c:url value="/login" var="loginProcessingUrl"/&gt;
 &lt;form action="${loginProcessingUrl}" method="post"&gt;
    &lt;fieldset&gt;
        &lt;legend&gt;Please Login&lt;/legend&gt;
        &lt;!-- use param.error assuming FormLoginConfigurer#failureUrl contains the query parameter error --&gt;
        &lt;c:if test="${param.error != null}"&gt;
            &lt;div&gt;
                Failed to login.
                &lt;c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}"&gt;
                  Reason: &lt;c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" /&gt;
                &lt;/c:if&gt;
            &lt;/div&gt;
        &lt;/c:if&gt;
        &lt;!-- the configured LogoutConfigurer#logoutSuccessUrl is /login?logout and contains the query param logout --&gt;
        &lt;c:if test="${param.logout != null}"&gt;
            &lt;div&gt;
                You have been logged out.
            &lt;/div&gt;
        &lt;/c:if&gt;
        &lt;p&gt;
        &lt;label for="username"&gt;Username&lt;/label&gt;
        &lt;input type="text" id="username" name="username"/&gt;
        &lt;/p&gt;
        &lt;p&gt;
        &lt;label for="password"&gt;Password&lt;/label&gt;
        &lt;input type="password" id="password" name="password"/&gt;
        &lt;/p&gt;
        &lt;!-- if using RememberMeConfigurer make sure remember-me matches RememberMeConfigurer#rememberMeParameter --&gt;
        &lt;p&gt;
        &lt;label for="remember-me"&gt;Remember Me?&lt;/label&gt;
        &lt;input type="checkbox" id="remember-me" name="remember-me"/&gt;
        &lt;/p&gt;
        &lt;div&gt;
            &lt;button type="submit" class="btn"&gt;Log in&lt;/button&gt;
        &lt;/div&gt;
    &lt;/fieldset&gt;
 &lt;/form&gt;
 </pre>

<h2>Impact on other defaults</h2>

Updating this value, also impacts a number of other default values. For example,
the following are the default values when only formLogin() was specified.

<ul>
    <li>/login GET - the login form</li>
    <li>/login POST - process the credentials and if valid authenticate the user</li>
    <li>/login?error GET - redirect here for failed authentication attempts</li>
    <li>/login?logout GET - redirect here after successfully logging out</li>
</ul>

If "/authenticate" was passed to this method it update the defaults as shown below:

<ul>
    <li>/authenticate GET - the login form</li>
    <li>/authenticate POST - process the credentials and if valid authenticate the user
    </li>
    <li>/authenticate?error GET - redirect here for failed authentication attempts</li>
    <li>/authenticate?logout GET - redirect here after successfully logging out</li>
</ul>

</body>
</html>